|
|
@@ -20,6 +20,10 @@ on:
|
|
|
schedule:
|
|
|
- cron: '0 19 * * 0'
|
|
|
|
|
|
+permissions:
|
|
|
+ contents: read
|
|
|
+ security-events: write
|
|
|
+
|
|
|
jobs:
|
|
|
analyze:
|
|
|
name: Analyze
|
|
|
@@ -41,11 +45,6 @@ jobs:
|
|
|
# a pull request then we can checkout the head.
|
|
|
fetch-depth: 2
|
|
|
|
|
|
- # If this run was triggered by a pull request event, then checkout
|
|
|
- # the head of the pull request instead of the merge commit.
|
|
|
- - run: git checkout HEAD^2
|
|
|
- if: ${{ github.event_name == 'pull_request' }}
|
|
|
-
|
|
|
# Initializes the CodeQL tools for scanning.
|
|
|
- name: Initialize CodeQL
|
|
|
uses: github/codeql-action/init@v1
|
Joe Chen